- Open the PowerShell ISE → Run the following cmdlet, paying close attention to the properties used:
Search-ADAccount -Server $ThisDomain -Credential $Creds -AccountExpired -UsersOnly -ResultPageSize 2000 -resultSetSize $null| Select-Object Name, SamAccountName, DistinguishedName, AccountExpirationDate
- Review the accounts listed in the PowerShell output:
- Run Netwrix Auditor → Navigate to "Reports" → Expand the "Active Directory" section → Go to "Active Directory – State-in-Time" → Select "User Accounts - Expired" → Click "View".
- To get this report by email regularly, simply choose the "Subscribe" option and define the schedule and recipients.
Quickly Find Expired User Accounts Instead of Scripting in PowerShell
As a part of security management best practices, Active Directory administrators have to find expired user accounts so they can remove or disable them before an attacker has time to take them over. User accounts for vendors or contractors are often needed only temporally, but even if the IT team sets an expiration date, a malicious actor can reset the date by running a simple ADAccount cmdlet and then use the account as a backdoor to gain access to IT systems like Windows Server and Microsoft Active Directory. Therefore, it’s critical to ensure that you know about all expired user accounts in your Active Directory and delete any of them that are no longer needed to minimize risk and make your IT environment more secure.
Of course, you can get AD user expired accounts using PowerShell. However, it does requires skill, time and effort to write a Windows PowerShell script, pull the required data from your domain and compile a report.
Unlike PowerShell commands and legacy software solutions, Netwrix Auditor for Active Directory makes it easy to quickly get expired users. In a few clicks, you can find any user accounts that expired, so you can determine whether they are still needed or can be deleted as part of IT housekeeping procedures. You can easily filter the results and export the list of expired user accounts to any of multiple file formats, including CSV. And you can subscribe to the report to stay current on any changes to the list of expired user accounts to improve the security of your IT environment.